
(SCADA) management systems has seen rapid spread. The Stuxnet worm is also believed to have targeted Iran's nuclear facilities. In India, the situation is alarming, as Manu Zacharia, the director of information security at Millennium IT Consultants Private Limited, claims it to be the second most highly susceptible country to the Stuxnet worm attack. “On an average, a thousand systems are getting infected, every day,” informs Zacharia.

As of now, only the Siemens SCADA systems (S7-400 PLC and SIMATIC WinCC) have been found vulnerable to the Stuxnet worm. However, Neelabh Rai, the consultant for information security at Pyramid Cyber Security and Forensic Private Limited, fears that Stuxnet may be a major security threat for India, since most of the industrial control systems in the country that run manufacturing plants, power generation and distribution plants, refining water treatment plants, and oil and gas plants use Siemens’ SCADA systems.

Combating the Stuxnet worm

Mookhey suggests that enterprises using SCADA systems must contact their vendor to find out the minimum security measures that can be implemented, without affecting the production environment. For instance, Siemens has released a detection and removal tool for the Stuxnet worm and also advises installation of Microsoft patches for zero-day Windows vulnerabilities.

Fixing Windows may not be sufficient to disinfect the system; a thorough audit of programmable logic controllers (PLC) is recommended.

Even if a SCADA system has been infected with the Stuxnet worm, you can stop the malware from spreading by identifying its command and control servers from the logs of firewalls and unified threat management (UTM) systems. Rai suggests that host intrusion prevention and detection systems are ideal in such a scenario, as the Stuxnet rootkit may not be caught by traditional antivirus.

It is recommended to completely harden the link between the SCADA system and corporate network (as well as every connected system).
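As an added illustration of the log review and link hardening described above (not code from the article or from any vendor), the following Python sketch scans firewall log lines for traffic leaving the control network. The subnets, the log format, the watchlist entry and the sample lines are all constructed assumptions; real command and control indicators should come from vendor or CERT-In advisories.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan (hypothetical); replace with the site's real segments.
SCADA_NET = ipaddress.ip_network("10.20.0.0/24")
CORP_NET = ipaddress.ip_network("10.10.0.0/16")
# Placeholder watchlist; populate from vendor or CERT-In advisories.
C2_WATCHLIST = {"c2-placeholder.example"}

# Constructed sample log, format: timestamp action src dst dport host
SAMPLE_LOG = """\
2010-10-01T08:00:01 ALLOW 10.20.0.5 10.20.0.9 102 -
2010-10-01T08:00:07 ALLOW 10.20.0.5 10.10.3.40 1433 -
2010-10-01T08:01:15 ALLOW 10.20.0.7 203.0.113.25 80 c2-placeholder.example
2010-10-01T08:01:20 DENY 10.20.0.7 198.51.100.8 80 updates.example
2010-10-01T08:02:00 ALLOW 10.10.3.40 203.0.113.80 443 www.example
malformed line
"""

def classify(src, dst, host):
    """Label one flow that originates in the control network, else None."""
    if src not in SCADA_NET:
        return None
    if host in C2_WATCHLIST:
        return "watchlist-c2"
    if dst in SCADA_NET:
        return None  # traffic that stays inside the control network
    return "scada-to-corp" if dst in CORP_NET else "scada-to-internet"

def scan(log_text):
    """Group suspicious flows by label; malformed lines are skipped."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, action, src, dst, _dport, host = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        label = classify(src_ip, dst_ip, host.lower())
        if label:
            # Denied attempts are kept: they still show a host trying to leave.
            findings[label].append((ts, action, src, dst, host))
    return dict(findings)

if __name__ == "__main__":
    for label, rows in sorted(scan(SAMPLE_LOG).items()):
        for row in rows:
            print(label, *row)
```

Flows labelled `scada-to-corp` map the bridges between the two networks that need hardening; `scada-to-internet` and `watchlist-c2` identify hosts to isolate and audit.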

CERT-In has launched two bulletins on the Stuxnet worm on its website (http://www.cert-in.org.in/virus/Stuxnet_Rootkit.htm), which also suggest ways to detect the rootkit and countermeasures.

SCADA systems are not usually connected to the Internet, but the Stuxnet worm could spread via infected memory sticks plugged into a computer’s USB port. The malware also exploits four zero-day vulnerabilities in Microsoft Windows. While the Stuxnet threat may be increasing, awareness of it among enterprises in the utility sector is limited.

K K Mookhey, the principal consultant at NII Consulting, explains, “Indian enterprises believe that as the SCADA systems are obscure, no one would be able to figure out how to attack them; thus, the security controls are devised on this faulty assessment.” The security of SCADA systems needs to be treated with as much priority as that of traditional TCP/IP networks. Zacharia also refers to these low awareness levels and points out that although Microsoft has come out with patches for the vulnerabilities that the Stuxnet worm targets, not all Indian enterprises may have applied them.

Security issues with SCADA systems

According to Mookhey, it is quite common to find a network bridge between SCADA and corporate networks (TCP/IP), which might be used to extract data for producing reports. This creates scenarios where the SCADA networks are not completely isolated anymore. He further explains that the Stuxnet worm first targets Windows to get access to the SCADA system (which relies on traditional Sun Microsystems or IBM servers). If these servers are not properly hardened, they can be exploited by hackers to get access to the SCADA system.

SCADA systems run large-scale businesses. Hence, no test environments are available for enterprises to harden the network. Even if such test environments exist, they are different from the production system. Thus, no company is concerned about testing the system supplied by the vendor, which keeps running on default configuration. This increases the risk of security threats like the Stuxnet worm.

Stuxnet worm: A cyber weapon against India?

The Stuxnet worm is being described as the best malware ever written and touted as a fearsome prototype of a cyber weapon that targets critical infrastructure. The sophistication of the malware clearly indicates it is the work of a well-financed team or government-funded agency. Could the Stuxnet worm have been created by another government or agency to attack Indian SCADA systems? Consultants believe that the possibility cannot be ruled out. A cyber-warfare attack on the infrastructure of the country, disrupting power, public utilities, traffic, and other computer-controlled systems, no longer exists only in science fiction.

It is suspected that the Stuxnet worm has struck the Indian Space Research Organization’s INSAT-4B Satellite, which also uses Siemens S7-400 PLC and SIMATIC WinCC. So, is India ready to enter the age of cyber warfare? “Few organizations in India keep an eye on these activities and are preparing themselves to handle such attacks,” claims Zacharia.

Today, every state has a CERT-In representative and information continuously flows between the center and the state entities. However, to what extent these guidelines are implemented at the end level is debatable. Rai believes that independent cyber security researchers should be encouraged to take up such causes, as it’s not possible to completely rely on CERT-In.
